5 matches found
Wordpress Like Button Plugin Authentication Bypass (CVE-2019-13344)
An authentication bypass vulnerability exists in the Wordpress plugin like button. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
WordPress Like Button 1.6.0 Authentication Bypass
Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service Introduction: WP Like button allows you to a...
WordPress Like Button 1.6.0 Plugin - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Like Button 1.6.0 - Auth Bypass Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1. Product & Service...
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
WordPress Plugin Like Button 1.6.0 - Authentication Bypass Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1...
CVE-2019-13344
CVE-2019-13344 involves the CRUDLab WordPress plugin “WP Like Button” (versions up to 1.6.0). The root cause is in the contains() function of wp_like_button.php, which fails to verify the current user’s authorization, enabling any unauthenticated user to update plugin settings (e.g., via wp-admin...